Ethical Hacking & Bug Hunting: Buffer Overflow For Beginners
What you'll learn
- Fuzzing applications.
- Using a debugger to examine the crash.
- Identifying error conditions using debugging.
- Targeting the EIP register.
- Identifying bad characters.
- Locating the vulnerable module.
- Exploit Development.
- Creating final exploit code.
- Gain Remote Code Execution on Windows.
Requirements
- Basic knowledge of Linux
- Basic knowledge of Python
- Immunity Debugger
- Metasploit Framework
- A Windows machine (real or virtual), to exploit
- A Linux machine (real or virtual), as the attacker.
Description
The primary goal of this course is to provide you with practical exposure to the world of bug hunting. After taking this course, you will have a better understanding of the approaches (reverse engineering, exploit development) that bug hunters use to find security vulnerabilities. You will learn how to exploit Buffer Overflows on Windows systems. This is an initial course and begins from the very basics of exploitation and is beginner-friendly.
The difficulty is that most IT professionals do not have the general software development background required to begin the subject of buffer overflow. This course cuts down the technical subjects of computer memory management, controlling code, and data inside of a working program, and exploiting poor quality software into terms that IT people with no software development knowledge can understand.
A buffer overflow is a popular software coding error that an intruder could use to take control over your system. To efficiently decrease buffer overflow vulnerabilities, it is necessary to understand what buffer overflows are, what threats they act to your applications, and what methods attackers use to successfully exploit these vulnerabilities.
In this course, you will learn how to use different tools such as Immunity Debugger, Mona library for Immunity Debugger, Metasploit, msfvenom, Spike, File Fuzz and much more. This course is intended to be practical.
In this course, we will answer the following questions:
What is Buffer Overflow?
How do buffer overflow attacks work?
How to find buffer overflow vulnerabilities?
How to write a buffer overflow exploit?
Syllabus:
Reverse engineering.
Fuzzing applications.
Using a debugger to examine the crash.
Identifying error conditions using debugging.
Targeting the EIP register.
Identifying bad characters.
Locating the vulnerable module.
Creating final exploit code.
Exploit development.
Gain Remote Code Execution on Windows.
With this course you'll get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you within 10 hours.
NOTE: This course is created for educational purposes only.
Who this course is for:
- Security researchers
- Security consultants
- Programmers
- Penetration testers
- Anyone else who wants to dive into the exciting world of bug hunting.
- ِِِِAnyone who wants to understand how exploits work.
- Anyone interested in Reverse Engineering and Exploit Development
- People preparing for OSCP, OSCE etc.
Instructor
![Eslam Medhat (Ethical Hacking, Bug Bounty and Penetration Testing)](data:image/svg+xml,%3Csvg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64"%3E%3C/svg%3E){kind=avatar}
- 4.1 Instructor Rating
- 1,716 Reviews
- 14,408 Students
- 4 Courses
is a professional pen-tester and ethical hacker with over 9 years of IT experience bringing a strong background in programming languages and application security, ranging from network and system administration to exploit research and development. He reported various vulnerabilities for high profile companies and vendors (such as Microsoft, Yahoo, Sony, AVG, Bitdefender, Facebook and many more) and was successfully acknowledged by them.
Certifications:
- OSCP
- CEH (Certified Ethical Hacker)
- GPEN
- GWAPT
- CCNA and CCNA Security
- MCITP
- Advanced Linux&InfoSEC
Technical Skills:
Security: Application and network penetration testing, source code review, Incident Response, protocol analysis, fuzzing, reverse engineering, antiDDoS, IDS.
Languages: PHP, JavaScript, Java SE, C++, C#, Python, Visual Basic, SQL,CMD, Bash scripts, Assembly.
Tools/Frameworks: Burp Suite, OWASP ZAP, Fiddler, OWASP Mantra, Acunetix, Netsparker, W3AF, Nikto, SqlMap, Sql Ninja, Xenotix XSS Exploit Framework, Metasploit framework, Vmware, VirtualBox, Wireshark, Tcpdump,Dominator, Fuzzers, DirBuster, joomscan, sslstrip, Ettercap, Arachni, Nessus, ollydbg, Armitage, John the Ripper, etc..
Operating Systems: Expert knowledge of windows & Unix operating systems.
Website CMS: Wordpress, Joomla, Magento, etc..